Merge pull request #23971 from nextcloud/backport/23936/stable20

[stable20] Use query builder instead of OC_DB in trashbin

apps/files_trashbin/lib/Trashbin.php

@@ -128,17 +128,20 @@ public static function getUidAndFilename($filename) {
 	 * @return array (filename => array (timestamp => original location))
 	 */
 	public static function getLocations($user) {
-		$query = \OC_DB::prepare('SELECT `id`, `timestamp`, `location`'
-			. ' FROM `*PREFIX*files_trash` WHERE `user`=?');
-		$result = $query->execute([$user]);
+		$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$query->select('id', 'timestamp', 'location')
+			->from('files_trash')
+			->where($query->expr()->eq('user', $query->createNamedParameter($user)));
+		$result = $query->execute();
 		$array = [];
-		while ($row = $result->fetchRow()) {
+		while ($row = $result->fetch()) {
 			if (isset($array[$row['id']])) {
 				$array[$row['id']][$row['timestamp']] = $row['location'];
 			} else {
 				$array[$row['id']] = [$row['timestamp'] => $row['location']];
 			}
 		}
+		$result->closeCursor();
 		return $array;
 	}
 
@@ -151,11 +154,19 @@ public static function getLocations($user) {
 	 * @return string original location
 	 */
 	public static function getLocation($user, $filename, $timestamp) {
-		$query = \OC_DB::prepare('SELECT `location` FROM `*PREFIX*files_trash`'
-			. ' WHERE `user`=? AND `id`=? AND `timestamp`=?');
-		$result = $query->execute([$user, $filename, $timestamp])->fetchAll();
-		if (isset($result[0]['location'])) {
-			return $result[0]['location'];
+		$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$query->select('location')
+			->from('files_trash')
+			->where($query->expr()->eq('user', $query->createNamedParameter($user)))
+			->andWhere($query->expr()->eq('id', $query->createNamedParameter($filename)))
+			->andWhere($query->expr()->eq('timestamp', $query->createNamedParameter($timestamp)));
+
+		$result = $query->execute();
+		$row = $result->fetch();
+		$result->closeCursor();
+
+		if (isset($row['location'])) {
+			return $row['location'];
 		} else {
 			return false;
 		}
@@ -208,8 +219,13 @@ private static function copyFilesToUser($sourcePath, $owner, $targetPath, $user,
 
 
 		if ($view->file_exists($target)) {
-			$query = \OC_DB::prepare("INSERT INTO `*PREFIX*files_trash` (`id`,`timestamp`,`location`,`user`) VALUES (?,?,?,?)");
-			$result = $query->execute([$targetFilename, $timestamp, $targetLocation, $user]);
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->insert('files_trash')
+				->setValue('id', $query->createNamedParameter($targetFilename))
+				->setValue('timestamp', $query->createNamedParameter($timestamp))
+				->setValue('location', $query->createNamedParameter($targetLocation))
+				->setValue('user', $query->createNamedParameter($user));
+			$result = $query->execute();
 			if (!$result) {
 				\OC::$server->getLogger()->error('trash bin database couldn\'t be updated for the files owner', ['app' => 'files_trashbin']);
 			}
@@ -322,8 +338,13 @@ public static function move2trash($file_path, $ownerOnly = false) {
 		}
 
 		if ($moveSuccessful) {
-			$query = \OC_DB::prepare("INSERT INTO `*PREFIX*files_trash` (`id`,`timestamp`,`location`,`user`) VALUES (?,?,?,?)");
-			$result = $query->execute([$filename, $timestamp, $location, $owner]);
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->insert('files_trash')
+				->setValue('id', $query->createNamedParameter($filename))
+				->setValue('timestamp', $query->createNamedParameter($timestamp))
+				->setValue('location', $query->createNamedParameter($location))
+				->setValue('user', $query->createNamedParameter($owner));
+			$result = $query->execute();
 			if (!$result) {
 				\OC::$server->getLogger()->error('trash bin database couldn\'t be updated', ['app' => 'files_trashbin']);
 			}
@@ -481,8 +502,12 @@ public static function restore($file, $filename, $timestamp) {
 			self::restoreVersions($view, $file, $filename, $uniqueFilename, $location, $timestamp);
 
 			if ($timestamp) {
-				$query = \OC_DB::prepare('DELETE FROM `*PREFIX*files_trash` WHERE `user`=? AND `id`=? AND `timestamp`=?');
-				$query->execute([$user, $filename, $timestamp]);
+				$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+				$query->delete('files_trash')
+					->where($query->expr()->eq('user', $query->createNamedParameter($user)))
+					->andWhere($query->expr()->eq('id', $query->createNamedParameter($filename)))
+					->andWhere($query->expr()->eq('timestamp', $query->createNamedParameter($timestamp)));
+				$query->execute();
 			}
 
 			return true;
@@ -568,8 +593,11 @@ public static function deleteAll() {
 
 		// actual file deletion
 		$trash->delete();
-		$query = \OC_DB::prepare('DELETE FROM `*PREFIX*files_trash` WHERE `user`=?');
-		$query->execute([$user]);
+
+		$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$query->delete('files_trash')
+			->where($query->expr()->eq('user', $query->createNamedParameter($user)));
+		$query->execute();
 
 		// Bulk PostDelete-Hook
 		\OC_Hook::emit('\OCP\Trashbin', 'deleteAll', ['paths' => $filePaths]);
@@ -618,8 +646,13 @@ public static function delete($filename, $user, $timestamp = null) {
 		$size = 0;
 
 		if ($timestamp) {
-			$query = \OC_DB::prepare('DELETE FROM `*PREFIX*files_trash` WHERE `user`=? AND `id`=? AND `timestamp`=?');
-			$query->execute([$user, $filename, $timestamp]);
+			$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+			$query->delete('files_trash')
+				->where($query->expr()->eq('user', $query->createNamedParameter($user)))
+				->andWhere($query->expr()->eq('id', $query->createNamedParameter($filename)))
+				->andWhere($query->expr()->eq('timestamp', $query->createNamedParameter($timestamp)));
+			$query->execute();
+
 			$file = $filename . '.d' . $timestamp;
 		} else {
 			$file = $filename;
@@ -701,8 +734,10 @@ public static function file_exists($filename, $timestamp = null) {
 	 * @return bool result of db delete operation
 	 */
 	public static function deleteUser($uid) {
-		$query = \OC_DB::prepare('DELETE FROM `*PREFIX*files_trash` WHERE `user`=?');
-		return $query->execute([$uid]);
+		$query = \OC::$server->getDatabaseConnection()->getQueryBuilder();
+		$query->delete('files_trash')
+			->where($query->expr()->eq('user', $query->createNamedParameter($uid)));
+		return (bool) $query->execute();
 	}
 
 	/**

build/psalm-baseline.xml

@@ -3904,6 +3904,9 @@
     </InvalidScalarArgument>
   </file>
   <file src="lib/private/DB/QueryBuilder/ExpressionBuilder/OCIExpressionBuilder.php">
+    <ImplicitToStringCast occurrences="1">
+      <code>$this-&gt;functionBuilder-&gt;lower($x)</code>
+    </ImplicitToStringCast>
     <InvalidReturnStatement occurrences="1">
       <code>parent::castColumn($column, $type)</code>
     </InvalidReturnStatement>
@@ -3917,6 +3920,9 @@
     </ImplicitToStringCast>
   </file>
   <file src="lib/private/DB/QueryBuilder/QueryBuilder.php">
+    <ImplicitToStringCast occurrences="1">
+      <code>$value</code>
+    </ImplicitToStringCast>
     <InvalidArgument occurrences="1">
       <code>$this-&gt;connection</code>
     </InvalidArgument>

lib/private/DB/QueryBuilder/QueryBuilder.php

@@ -868,7 +868,7 @@ public function addGroupBy(...$groupBys) {
 	 * </code>
 	 *
 	 * @param string $column The column into which the value should be inserted.
-	 * @param string $value The value that should be inserted into the column.
+	 * @param IParameter|string $value The value that should be inserted into the column.
 	 *
 	 * @return $this This QueryBuilder instance.
 	 */

lib/public/DB/QueryBuilder/IQueryBuilder.php

@@ -651,7 +651,7 @@ public function addGroupBy(...$groupBy);
 	 * </code>
 	 *
 	 * @param string $column The column into which the value should be inserted.
-	 * @param string $value The value that should be inserted into the column.
+	 * @param IParameter|string $value The value that should be inserted into the column.
 	 *
 	 * @return $this This QueryBuilder instance.
 	 * @since 8.2.0